The remote host is missing updates announced in advisory GLSA 200404-13.
All CVS users should upgrade to the latest stable version. # emerge sync # emerge -pv '>=dev-util/cvs-1.11.15' # emerge '>=dev-util/cvs-1.11.15' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200404-13 http://bugs.gentoo.org/show_bug.cgi?id=47800 http://ccvs.cvshome.org/source/browse/ccvs/NEWS?rev=188.8.131.52&content-type=text/x-cvsweb-markup
There are two vulnerabilities in CVS one in the server and one in the client. These vulnerabilities allow the reading and writing of arbitrary files on both client and server.